Ok, I have to say I've never seen this one in the typical Hoax "alerts"
people pass around. I'm not sure how these programs can "lie dormant until
activated" (sure, crontab, but it'd be pretty obvious something's up..).
Anyone confirm this is a hoax?

>>>>

Malicious programs lie in wait, FBI warns
By Bruce V. Bigelow
STAFF WRITER
Union-Tribune Publishing Co.
December 15, 1999

The FBI's nerve center for cyberspace crimes has warned that outlaw hackers
may use a new class of malicious software to cripple Internet operations and
other computer networks on New Year's Eve.

Under a "worst-case but clearly possible scenario," the National
Infrastructure Protection Center says the destructive new programs could be
used to wreak havoc during the Y2K period.

The center issued its alert last week to computer-security professionals
throughout the United States.

Some of those experts already are alarmed, saying thousands of copies of the
malicious programs have been discovered in Unix and Linux-based computers
operated by corporations, governments and universities.


Dormant danger

The malicious programs -- including ones dubbed "trinoo" and "Tribe Flood
Network" -- typically lie dormant until activated. Once activated, however,
the program orchestrates a coordinated attack -- commanding legions of
machines to transmit a flood of computerized data to a particular system.

"It's like putting something into a computer and then issuing a command that
says, 'Lazarus come forth!' " said Gene Schultz, a network security expert at
SAIC's Global Integrity Corp.

In its alert, the FBI center says the unknown perpetrators apparently have
targeted "high bandwidth Internet connections," such as computers operated by
universities.

Thousands of illicit programs also have been found in computers operated by
major telecommunication corporations.

The center urges computer network owners to rapidly examine their systems for
signs that the programs such as trinoo have been covertly installed.


Significant concerns

"NIPC recommends these actions as strongly as any of the instructions
provided by information technology security personnel for Y2K preparation,"
the bulletin says.

Officials at the FBI center, which was established last year, were
unavailable for comment on the alert.

In its bulletin, however, the center says it is "highly concerned about the
scale and significance" of reports it has received.

"Some of the known cases involve substantial financial loss, with at least
one million-dollar loss known to date," the alert states. "The FBI is
currently investigating a large number of these cases through many different
field offices."

In one attack, a network computer operated by the University of Minnesota was
rendered unusable for almost two days. The system was swamped by data traffic
transmitted from at least 227 different computer "slaves," including more
than 100 compromised computers operated by the University of Washington.

One of the problems for system administrators is determining who's the victim
and who's the attacker, said Dave Dittrich, who worked to resolve the
problems at the University of Washington.

Experts who have analyzed the malicious code say programs like trinoo are
used to covertly establish a nefarious network of hundreds or even thousands
of unwitting "slave" computers.

The network of slaves can then be used at any time to transmit a flood of
computerized data to a particular system, overwhelming the targeted site in a
coordinated assault known as a "denial of service" attack.

The malicious programs have nothing to do with the Y2K problem itself, which
stems from a decades-old programming glitch involving the change in dates
from 1999 to the year 2000.

But to malicious hackers, the tolling of the midnight bell on New Year's Eve
offers a chance to cause trouble, since any disruptions might be blamed on
Y2K, said Tom Perrine of UCSD's San Diego Supercomputer Center.

*
* NOTE: In accordance with Title 17 <U.S.C.> Section 107, this material
* is distributed without profit or payment to those who have expressed a
* prior interest in receiving this information for non-profit research and
* educational purposes only. Provided by G2-Forward.





